Symantec Power Eraser using the Symantec Help (SymHelp) Tool.
The Symantec Power Eraser is aimed at the detection and clean-up of "zero-day" threats as well as other threats which may have infected the user’s system. Zero-day threats are those that take advantage of a newly discovered hole in a program or operating system before the developers have made a fix available – or before they are even aware that a hole exists.
NOTE: It is recommended that you have an Internet connection when using SymHelp and Symantec Power Eraser. This allows the latest version of SymHelp and the latest Power Eraser definitions to be downloaded when Symantec Power Eraser runs. If there is no Internet connection, Power Eraser uses the default definitions that ship with the SymHelp tool.
To Remove a Threat Using Symantec Power Eraser
1. Start the Symantec Help Tool. Download page: The Symantec Help (SymHelp) Tool
2. After the Symantec Help Tool is installed, select "Symantec Power Eraser" as shown in the diagram below.
3. The Symantec Power Eraser GUI offers the following options:
- Scan for Risks - the "Include a Rootkit Scan" option can additionally be selected; a rootkit scan requires a reboot.
- History - shows the results of previous Power Eraser sessions; files that were previously detected can also be recovered from here.
- Settings - lets you select the "Include a Rootkit Scan" option and set up the network configuration.
4. When the scan completes, note which files were identified (some legitimate files may be identified), select any suspicious programs you wish to remove, and click Fix (this causes the system to reboot). You may also choose to save a copy of the log records to the desktop.
5. Have the user continue to operate their computer and perform any specific behaviors that would normally cause the symptoms to appear.
To Undo a Change Made Using Symantec Power Eraser
1. Launch the Symantec Help Tool and select Symantec Power Eraser.
2. Click History.
3. Select the Session you want to restore and click on "Restore".
- Is Symantec Power Eraser (SPE) safe to use on a windows server?
- What ports need to be open?
- To get SPE to work on a restricted network, we recommend allowing all HTTP and HTTPS traffic to *.symantec.com and *.norton.com.
- When should I use the product in safe mode with networking vs. regular mode?
- The tool should be run in normal mode first. Some threats block the tool from running in normal mode or block all .exe files from running. In these cases, a second attempt should be made by running the tool in Safe Mode with Networking.
- What threat families is the tool most effective at remediating?
- SPE is effective against known and unknown threats with the exception of file infectors.
Consider Using Symantec Power Eraser when:
- You have an outbreak on a small number of workstations or Windows servers, with symptoms such as:
  - A recurring pop-up notification
  - Alerts indicating that the machine is infected
  - Prompts to register (buy) the "solution"
  - Fake Blue Screen of Death messages
Symantec Power Eraser:
- Is not a solution to be deployed or implemented for large-scale outbreaks.
- Is not a replacement for regular daily AV scanners.
- Will reboot the machine up to 2 times as part of the remediation workflow if it suspects that the machine is infected with malware.
- Will not protect against re-infection. Users should verify that their Symantec product is receiving updated virus definitions, which ensures they remain protected.
The Benefits of Running Symantec Power Eraser
- Speeds up your helpdesk team's process by using Symantec Power Eraser as a first-response remediation tactic.
- Reduces employee downtime by allowing users to return to work more quickly.
- Requires no backup and restore of files, unlike reimaging a system.
- Common alternatives, such as remediating each threat individually with threat-specific removal tools, or reimaging workstations and restoring files, require more time and decrease the productivity of both the helpdesk team and the impacted employee.